Inspiration
From my experience as an SRE, I have observed that when using Helm charts, developers and certain administrators often neglect essential security best practices. Neglecting them can result in severe vulnerabilities that an attacker can exploit either to take control of your Kubernetes cluster or to destroy/damage your application data. It is always good to enforce security best practices from the beginning. After all, prevention is better than cure.
What it does
Shelm is a command-line utility written in Python 3 that lets users download secure-by-design Helm charts. All our Helm charts are tested strictly using Datree. The CLI tool is connected to a backend API, written with Python's Flask framework, which lets users list, search and download our Helm charts.
Installation
curl https://raw.githubusercontent.com/viploveb/shelm/master/install.sh | /bin/bash
Usage
👉 shelm list
This will list all the available shelm charts.
👉 shelm search
Example - "shelm search haproxy"
This will tell the user if the specified chart is available or not.
👉 shelm install
This will download the specified chart.
How we built it
I used Python's argparse module to create the CLI utility, and Flask is used for the backend API. Our API is deployed on AWS. Users can easily download it using a single command that runs an installation script written in bash.
Challenges we ran into
Creating the bash script and making it work successfully was quite a challenge for me. But in the end it worked 🙌 Also, YAML schema was a new thing for me, so I faced some trouble with it, but the community came to the rescue 💪
Accomplishments that we're proud of
I am proud that I am finally able to make this project a reality and complete it in such a short period of time single-handedly. 🕺
What we learned
I always wanted to get into open source and understand its nuts and bolts but never got a chance like this before. This hackathon helped me learn a lot about how open source works! I learned a lot about Datree and how to create custom policies using YAML schema. I will definitely work more on it in the future and contribute useful stuff. I also learnt how to secure Helm charts, as well as Kubernetes security best practices.
What's next for Shelm
To take shelm to the next level, continuous improvement is required. The plan is to create more secure Helm charts and add them to our repo, and to improve our CLI and API in line with industry best practices and with a better user experience.
Custom Datree policy
I have also created a policy which checks for security parameters. More about it can be read here